Wednesday, February 8, 2023

Utah Bill Seeks to Outlaw ‘Doxing’ — Unless You’re a Retailer

Utah state senator Howard A. Stephenson has introduced a bill that will penalize online “doxing” — unless you are a retailer.

Doxing Disrupts Personal Lives

Stephenson’s bill, S.B. 227, aims to prohibit unauthorized users from disseminating personal identifying information online. This is known commonly as “doxing”. Victims of this practice find their lives disrupted, and often lose their jobs or even need to move house after an incident.

However, authorized retailers who gain your personal identifying information through the use of “electronic product identification or tracking systems, or other technology to identify, track, or price goods” are not subject to the offenses. S.B. 227 offenders could receive a misdemeanor or felony sanction.

The bill defines “identifying information” as: social security number, driver license number, non-driver governmental identification number, bank account number, student identification number, credit or debit card number, personal ID number, unique biometric data, or computer password.

Not considered personal “identifying information” is data “that is lawfully available from publicly available information, or from federal, state, or local government records lawfully made available to the general public.”

It’s Different if You’re a Retailer

Retailers will retain the right to be able to collect personal identifying information as long as the equipment to do so is within the retailer’s location.

Consumer data is important to retailers because it gives them insights on their products. It can provide more detailed information about habits around buying, selling, or returning merchandise. Within that consumer data there can be personal identifying information.

The bill defines the exemption as:

“A retailer that uses an electronic product identification or tracking system, or other technology to identify, track, or price goods is not guilty of a violation of Subsection (2)(a) if the equipment designed to read the electronic product identification or tracking system data and used by the retailer to identify, track, or price goods is located within the retailer’s location.”

However, aggregating all of this personal identifying information makes for some enticing honeypots for hackers to target. If you provide it, it can still be stolen.

The Crimes and Penalties

Unauthorized access or attempts to access computer hardware or software resulting in damages, theft, or “a benefit for any person without legal right” could be penalized with a misdemeanor or felony.

The charges are based mostly on the monetary value placed on the damages. Offenders can also be penalized if they attempt to gather personal identifying information with the intent to disseminate it where others will further spread that information and/or harass the victim.

This offense is a misdemeanor unless it is the third offense, in which case the penalty is a third-degree felony.

Do you think this law is a good idea? Let’s hear your thoughts.
